Get All Weeks Maturing Risk Management Coursera Quiz Answers
In management science terms, maturing a process or practice means taking positive steps over time to make it more reliable, repeatable and efficient. In practice, this means getting better every day, while showing the measurements that demonstrate improvement and suggest other opportunities to improve. As we saw in chapters one and two, risk management for information-intensive organizations works best when using evidence-based reasoning to identify, characterize, and take actions as necessary to resolve the issues. Course eight will bring together numerous threads that are intrinsically related to managing the risks associated with information systems.
Also, we know that cyber attack is a risk for all organizations. In this course, we will focus on bringing these ideas together in a context of continuous maturity modeling, measuring and monitoring. Risk alignment works best at the strategic, long-term level of planning. By contrast, risk maturation can be most effective when considered in day-to-day business operations.
This is sometimes called operationalizing one’s approach to risk management and maturation. Operationalizing risk management asks us to take the life cycle models about systems, software and data and connect or pivot them around business operations.
Week 01: Maturing Risk Management Coursera Quiz Answers
Knowledge Check: Change Management
Q1. What role does the release manager provide? (D1, L8.1)
- Tests changes
- Maintains the configuration management database (CMDB)
- Audits changes
- Schedules deployment
Q2. What role(s) should the security team have in the change management or controls process? Select all that apply. (D1, L8.1)
- Analyze proposed changes for security issues
- Review changes for impacts to compliance requirements
- Assess proposed changes for impacts to existing security policies or procedures
- Act in advisory capacity when the configuration control board asks for assistance
- Perform test case analysis to verify regression testing validates that security is intact
- Assist users in altering task-specific security procedures based on proposed changes
- Provide summary analysis of configuration control audits
Applied Scenario 1 Review: Physical Security Site Survey
Q1. You have been asked to join a team to investigate the site and perform a site survey to assess the suitability of the proposed location. What about these features could be a positive? Which could introduce a potential security risk? Directions: For each item, indicate whether these features are a positive or negative for IMI’s proposed new location. (D1, L8.2)
The site is large and reasonably separated from the town.
Q2. There is a small body of water near the location.
Q3. There is a residential area close by and employee parking is available.
Q4. The road runs very close to the front of the site.
Q5. There are many trees and shrubs around the site.
Knowledge Check: Physical Security Considerations
Q.1 What is the primary goal of physical security? (D1, L8.2)
- To delay
- To deter
- To protect
- To respond
Q.2 Which of the following are common electrical problems? (D1, L8.2)
- All of these
Week 02: Maturing Risk Management Coursera Quiz Answers
Knowledge Check: The Human Element
Directions: Answer the true/false question regarding the data and the human element. Based on the information presented, the human element is the greatest security risk to an organization. (D1, L8.3)
Activity 1: Design an Awareness Strategy
One of the reasons the human element presents such a large security risk is a lack of training. Training comes in several categories, but here we will consider perhaps the most encompassing — security awareness.
Scenario: You are working as a security professional at a mid-level company. Employees are predominantly remote and there are several regional offices/branches. The corporate culture is team-oriented and stable. Employees are goal driven and eager to support the mission and vision of the organization, but change is adopted slowly and often seen as additional work to staff rather than a benefit.
Q.1 Directions: For this activity, read the scenario presented and work in your group to design an effective security awareness training program. (D1, L8.3)
How frequently should security awareness training be provided?
Q.2 You want to provide messaging around the impact of a ransomware attack. Which would be the most impactful?
- Make a compliance-driven message that stresses the possible penalties.
- Make the message relevant to the individual on a personal level and stress how this would impact the organization.
- Make the message general enough that it would never need to be updated.
- All of these.
Q.3 Which of the following would be a way to assess the effectiveness of the security awareness training?
- Mini quizzes
- Surveys/Spot checks
- All of these
Q.4 Which of these is not a social engineering attack? (D1, L8.3)
Q.5 Which of the following best describes microtraining? (D1, L8.3)
- One-on-one, hands-on, skills- and proficiency-focused
- Group activities geared toward gaining greater awareness of fine details of security practices
- Very short-duration, task-focused tactics, which challenge users to recognize and correctly deal with suspicious events, providing immediate feedback to users
- Pejorative term referring to how most training programs somewhat fail to modify users’ security behavior
Knowledge Check: Conducting Vulnerability Assessments
Q.1 Directions: Check for understanding by answering the following true/false questions regarding vulnerability assessments. (D3, L8.4) True or False? Vulnerability assessments are considered an active task.
Q.2 True or False? A key part of the vulnerability assessment is the gathering of data needed to perform the assessment.
Q.3 True or False? The results of the vulnerability assessment are documented in a report submitted to management for action.
Knowledge Check: Host Security
Q.1 What problem may arise when using vulnerability analysis tools? (D3, L8.4)
- Scan data can be exported in a variety of formats.
- An incorrectly designed test may not yield any results.
- Scans include known vulnerabilities for software but not applications.
- There are no problems with using vulnerability analysis tools.
Q.2 Which of the following is a benefit of vulnerability testing? (D3, L8.4)
- It identifies system vulnerabilities.
- It allows for the prioritization of mitigation tasks based on system criticality and risk.
- It is considered a useful tool for comparing security posture over time, especially when done consistently each period.
- All of these.
Q.3 What are the two broad categories of vulnerability testing software? (D3, L8.4)
- General and application-specific
- Application-specific and software-specific
- General and non-general
- None of these
Knowledge Check: Perform Security Assessment Activities
Q.1 Which type of penetration test is carried out to mimic the actions of a user? (D3, L8.4)
- Zero knowledge
- Gray box
Q.2 Which of the following is not a potential problem associated with testing? (D3, L8.4)
- Conflict of interest
- System crash
- Information disclosure
- Temporal information
Chapter 8 Quiz: Maturing Risk Management
This quiz will help you to confirm your understanding and retention of concepts for this chapter. Please complete it by answering all questions, reviewing correct answers and feedback, and revisiting any chapter material you feel you need extra time with.
- This Assessment contains 10 objective item questions.
- Recommended time limit is 20 minutes, 2 minutes per question.
- Choose the best answer(s) for each question.
- You have unlimited attempts and may complete this assessment as many times as you would like.
- Passing grade for this quiz is 70%.
- Score of highest attempt will be calculated.
Your score and quiz report
- Each question carries 1 point.
- For each question, a 1/1 point indicates correct answer and 0/1 point indicates incorrect answer which you see upon quiz submission.
- Upon completion, you will be able to see your total number of attempts along with the score for each attempt.
- Your overall grade reflects the score of your highest attempt.
- Click on each attempt to view the completed quiz.
Q.1 Which data backup strategy allows data backup to an offsite location via a WAN or internet connection? (D4, L8.4)
- Remote journaling
- Electronic vaulting
Q.2 Which of the following statements is most correct about incident response? (D4, L8.5)
- The goal is to prevent incidents from happening again.
- Incident response does not involve problem management.
- Incident response does not require a policy.
- The goal is to minimize damage and learn to be better prepared.
Q.3 What is the recovery point objective (RPO)? (D4, L8.5)
- The maximum outage time
- The maximum outage time for critical services
- The maximum amount of data loss
- The minimum amount of data loss
Q.4 Which of the following statements is true? (D4, L8.5)
- BCP and DR are the same
- BCP is a part of DR
- DR is a part of BCP
- BCP and DR are mutually exclusive
Q.5 Which of the following is true? (D4, L8.5)
- MTD is the same as MTPD
- RPO is less than the MTD
- RPO deals with data
- All of these
Q.6 What is the last step in the change control process? (D1, L8.1)
Q.7 A security audit is best defined as what? (D3, L8.4)
- A covert series of tests designed to test network authentication, hosts and perimeter security
- A technical assessment that measures how well an organization uses security policies and controls to protect its information assets
- Employing an intrusion detection system (IDS) to monitor anomalous traffic on a network segment and logging attempted break-ins
- Hardening systems before deploying them on the corporate network
Q.8 What is the primary purpose of testing an intrusion detection system? (D3, L8.4)
- To observe that the IDS is observing and logging an appropriate response to a suspicious activity
- To determine if the IDS is capable of discarding suspect packets
- To analyze processor utilization to verify whether hardware upgrades are necessary
- To test whether the IDS can log every possible event on the network
Q.9 Which of the following documents the steps that should be performed to restore IT functions after a business disruption event? (D4, L8.5)
- Critical business functions
- Business continuity plan (BCP)
- Disaster recovery plan (DRP)
- Crisis communications plan
Q.10 In general, personnel safety assurance includes all of the following except which one? (D1, L8.2)
- Evacuation planning and facilities use planning
- Configuration management planning
- Alarms, notifications and processes for their use
- Education, training and awareness programs
I hope these Maturing Risk Management Coursera Quiz Answers will be useful for you to learn something new from the course. If they helped you, don’t forget to bookmark our site for more quiz answers.
This course is intended for audiences of all experiences who are interested in learning about new skills in a business context; there are no prerequisite courses.